How real-world incidents are shaping crisis strategies – Insights from Anna Averud at Truesec

Insights|March 7, 2025

In today’s digital landscape, crisis preparedness is a necessity. With the current geopolitical situation and the increased number of cyber threats, companies are increasingly forced to review and update their crisis management strategies.

In this article, we asked Anna Averud from Truesec about the current state of corporate preparedness, highlighting the need for robust crisis planning, proactive risk identification, and cross-functional training.

Current state of crisis preparedness

How well do companies today prepare for crises, particularly in terms of cybersecurity?

Crisis awareness has grown due to the geopolitical situation and the increased cyber threats. The overall preparedness is hard to estimate, but investments in cybersecurity continue to increase, and the cyber industry is growing in value. Critical infrastructure and enterprise organizations are more mature and better prepared. Mid- and small-sized organizations are, in general, more vulnerable and less prepared.

We highly recommend prioritizing the identification of key risks and adopting a solution-oriented approach.

What are the most common vulnerabilities or oversights in corporate crisis planning?

Crisis planning and exercises are essential, particularly in uncertain times that may lead to diverse challenges. Proactively mapping and understanding an organization’s risks provides a strong foundation for preparedness.

Organizations with crisis plans respond to cyberattacks more efficiently, minimizing effort and client impact. Clear roles and responsibilities streamline the process. Training together with your cyber partner enhances response speed and reduces the impact of breaches.

Lessons from real-world events

Based on your experience, what recent incidents have highlighted the need for better preparation?

I am unable to comment on specific events; however, the key takeaway is the importance of decisiveness, particularly from owners and boards, in providing clear direction and conditions to succeed and be prepared for crises.

It is essential to act and ensure that investments are strategically allocated where they deliver the greatest impact. A SWOT analysis is very helpful in building a cyber roadmap and setting priorities.

Are there specific industries that have demonstrated strong crisis preparedness models?

There are good examples, and those that focus on and conduct exercises – thereby preparing for crises – perform well. I would say that banking and finance have long experience with the topic.

Public-private collaboration

How do you see the role of companies in securing society against cyber threats?

We are in a time where securing society is a shared goal that makes collaboration essential. I welcome all initiatives and partnerships, confident that cooperation is key and that we must continuously explore the “how” to achieve it effectively.

What are the benefits of companies working more closely with government agencies on crisis planning?

My belief is that common goals and objectives unify us; we are all winners if we safeguard society. We can increase our impact together while respecting the fact that we have different ways of financing and leading our operations. Let’s find new solutions and take leadership.

How important is cross-functional crisis training between IT, legal, and executive teams?

It is crucial, and I would like to add communications to the list.

Truesec’s role in strengthening preparedness

What kinds of partnerships and collaborations does Truesec engage in to enhance cybersecurity resilience?

Preparedness is our core business; we do nothing other than prevent cyber risks and crises and partner with organizations to strengthen cybersecurity resilience.

From a broad perspective, I believe in prioritizing partnerships and crisis planning to strengthen capacity and enable swift recovery. Collaborating to restore operations builds resilience and makes us collectively stronger.

With a broad network of partnerships across organizations and companies, we operate 24/7 to serve and protect. We continuously expand our capacity and capabilities to meet evolving needs and safeguard critical infrastructure, ensuring the availability of digital services.

Lessons learned

How do you see cyber threats evolving in the next five years? What should companies do now to stay ahead of emerging threats?

Organizations must adopt a strategic approach to cyber threats, treating them as a critical risk that extends beyond the organization itself due to their societal impact. Providing the necessary resources and frameworks to align with leadership directives is essential to maximize protection and ensure the value of every cybersecurity investment.

Boards and owners must elevate their ambitions and engagement, driven by the geopolitical landscape and the financial incentives fueling cybercrime. While rapid technological advancements present new challenges, they also offer opportunities to strengthen cybersecurity.

Strong leadership and decisive action are vital – take the lead, protect, and collaborate to build resilience.